Mac OS X Bug Opens A Pathway For Adware

Sounds to me like the hackers are starting to spread out when it comes to who gets malware these days.

While the details of the latest vulnerability to the Mac OS 10.10 are esoteric, Malwarebytes has found an adware installer already using this exploit in the wild.

The latest security problem for Mac OS originates in the code that Apple wrote in the 10.10 system software that bypasses the kinds of privilege checking done in other parts of the OS. With this code, Apple provided a way for exploiters to gain root access to OS X. Root access allows them to execute whatever code they want without hindrance.

Security researcher Stefan Esser wrote in his July 7 blog about a privilege escalation exploit associated with the DLYD_PRINT_TO_FILE environment variable. This variable allows the system to push output to a file other than the usual standard error (stderr) one. This is the part of Apple's system code where the lack of file checking occurred.